Privacy Policy
General
Privacy & Cookies Policy
General
We are Grape Vibes Ltd, a company incorporated in England and Wales whose registered address is
Bath House, 16 Bath Row, Stamford, England, PE9 2QU (referred to herein as Louma Farm and Retreat,
“we”, “us” or “our”, as the context requires).
This Privacy Policy (together with our terms and any other documents referred to in them) sets out
the basis on which any personal data we collect from you, or that you provide to us, will be
processed by us. It applies to our guests, customers and other individuals whose data we may process.
For the purposes of GDPR and UK GDPR, we are the controller of our guests’ and prospective guests’
CRM data to the extent it pertains to natural persons. In some cases, for certain activities offered
at Louma, we may act as joint controllers with the activity provider for the purposes of arranging
and coordinating the provision of the relevant services. Where this applies, you may still exercise
your GDPR and UK GDPR rights against any of the parties.
We have established a joint controller agreement that sets out our respective roles and
responsibilities. If you require further information about this, please contact us at
dpo@aphaia.co.uk.
Louma is part of the Steyn Group and may act as joint controller with other entities within the
group where personal data is shared with them for internal administrative purposes.
We may change this Privacy Policy from time to time, so please check our website regularly for
updates. If we make material changes in the way we use your personal data, we may notify you by
posting a notice on our website or sending you an email to the address provided at the time of
registration.
The Basis for the Processing of Your Data and the Purposes of Processing
Louma Farm and Retreat processes your data for the performance of the contract that you have entered
into for the provision of our services and/or in order to take steps at your request to enter into a
contract with us.
Some data is processed based on Louma Farm and Retreat’s legitimate interests, notably our website
visitors’ data, such as website information used for cybersecurity and error-tracking purposes.
We also rely on our legitimate interests to operate CCTV for security, health and safety, access
control, asset protection and the prevention, detection and investigation of incidents; to manage
the safe and privacy-respecting use of drones at our premises; and to create and use promotional
images and footage where individuals are not the focus.
Where individuals are prominently identifiable in promotional content, we will obtain appropriate
consent or permission. We process age-verification information where necessary to comply with our
legal obligations relating to age-restricted sales and to prevent underage purchases.
Your consent will be required where we process or share some of your data with third parties for a
purpose different from those described in this Privacy Policy and that is not indispensable for the
provision of our services.
We may ask for your consent in other cases where we process your data. Such consent can be revoked at
any time by contacting us at
hello@loumacountryhotel.co.uk.
We may process your personal data for the following purposes:
- To manage bookings and enquiries.
- To deliver activities you may have booked or expressed interest in.
- To communicate with you, send service-related information and provide customer support.
- To send you information about future events and special offers in accordance with the Marketing section below.
- To administer and protect our business and services.
- To protect our guests, visitors, staff, premises and assets through the proportionate use of CCTV.
- To manage requests to operate drones at our premises and create photography and video footage for PR and marketing purposes.
- To verify eligibility to purchase age-restricted products.
- To comply with our legal and regulatory obligations.
- To improve our services and customer experience.
Data We Collect About You
We may collect and process your personal data to operate our website and provide the services you
have requested.
Information You Provide to Us
- Personal Contact Details: name, email address, postal address, phone number and country of residence.
- Family/Other Contact Details: name, email address, postal address, phone number and country of residence.
- Financial Data: bank account details, payment card details and billing address.
- Transaction Data: details about payments and services requested.
- Interaction and Correspondence: information provided through email, surveys, social media and customer service communications.
- Preferences and Other Data: age, dietary requirements, accessibility requirements, personal preferences and medical conditions.
- Age Verification Data: date/year of birth, verification outcome, verification references and related information.
- Professional Data: company name, company address, job title and colleague information in relation to corporate bookings.
- CCTV Data: images, video footage, timestamps, camera location and incident-related information.
- Drone and Filming Data: flight requests, operator details, insurance details, photographs, video footage and consent records.
Sources We Collect Your Data From
- Directly from you when you contact us, interact with us, visit us or make a booking.
- From the person who made a booking on your behalf.
- From publicly available sources such as social media platforms.
- From third-party service providers and partners, including age-verification providers.
- From CCTV systems, photography and filming when you enter monitored areas.
Information We Collect Automatically
We may automatically collect information including your IP address, browser type and version,
referral source, pages visited, actions taken on our website, session duration, access times,
page-response times, errors, device information and location data used for website analytics.
Cookies
This policy explains how we collect and use personal data through cookies and similar technologies.
Types of Cookies We Use and Their Purposes
Cookies are small text files placed on your device by websites that you visit. We use necessary
cookies to make our website function correctly and optional cookies to improve your experience.
The specific cookies used may change over time. For an up-to-date list, please contact
hello@loumacountryhotel.co.uk.
-
Strictly Necessary Cookies:
Required for website functionality, security and legal compliance. -
Analytical Cookies:
Help us understand visitor behaviour and improve website performance. -
Advertising Cookies:
Used to make advertising more relevant and measure effectiveness. -
Functionality Cookies:
Enable personalisation and remember preferences such as chatbot settings.
Lawful Basis for Processing
When you first visit our website, you can accept or decline non-essential cookies through the cookie
banner. You can also change your preferences at any time through the cookie banner or by contacting
us at hello@loumacountryhotel.co.uk.
Duration
-
Session Cookies:
Temporary cookies that expire when you close your browser. -
Persistent Cookies:
Stored between browsing sessions and typically expire after six months.
Managing Your Cookie Preferences
You can manage cookie preferences through our cookie banner or by contacting us at
hello@loumacountryhotel.co.uk.
You can also delete cookies by clearing your browser history. Information on managing cookies can
be found through your browser provider, including Microsoft Edge, Internet Explorer, Chrome,
Firefox and Safari.
To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org
Marketing
You may receive marketing communications from us by email, WhatsApp, text message or telephone if
you have requested information or services from us and have not opted out of receiving marketing.
If you opt out of marketing communications, we may still process your personal data where necessary
for other lawful purposes.
We do not sell, rent, lease or otherwise provide our customer lists to third parties.
You can opt out at any time by using the unsubscribe link in our communications or by emailing
hello@loumacountryhotel.co.uk.
Disclosure of Your Information
We do not rent or sell your personal information without your explicit consent. However, we may
share your information with:
- Other companies within our group for administrative and organisational purposes.
- Third-party service providers supporting our operations.
- Activity providers involved in delivering services booked through Louma Farm and Retreat.
- Analytics, CRM and communication software providers.
- Payment providers such as Stripe.
- Government, regulatory or law enforcement authorities where legally required.
- Prospective purchasers of our business.
- Other third parties where you have provided explicit consent.
We require all third parties to respect the security of your personal data and process it in
accordance with applicable laws.
International Data Transfers
Your data may be transferred to and stored outside the EEA and the UK. Where this occurs, we will
ensure appropriate safeguards are in place, including adequacy decisions, approved contractual
clauses or equivalent protection mechanisms.
For further information, please contact
hello@loumacountryhotel.co.uk.
Data Retention
We retain personal information for as long as necessary to fulfil the purposes for which it was
collected or as required by applicable law.
When determining retention periods, we consider:
- Legal and contractual obligations.
- The necessity of the data for service delivery.
- The nature and sensitivity of the information.
- The purposes for which the data is processed.
- Applicable statutory retention requirements.
Routine CCTV footage is generally retained for no longer than 30 days, unless a longer retention
period is required for an incident, investigation, insurance matter or legal claim.
Your Rights
Under GDPR and UK GDPR, you have the following rights:
- Request access to your personal data (DSAR).
- Request correction of inaccurate or incomplete data.
- Request restriction of processing.
- Request deletion of your personal data where appropriate.
- Object to processing based on legitimate interests or direct marketing.
- Request portability of your personal data in a machine-readable format.
To exercise any of these rights, please contact
hello@loumacountryhotel.co.uk.
Contact and Complaints
Questions, comments and requests regarding this Privacy Policy should be addressed to
hello@loumacountryhotel.co.uk.
Data Protection Officer
Aphaia LtdThe Brew
Eagle House
163 City Rd
London EC1V 1NR
Email:
dpo@aphaia.co.uk
If you make a complaint regarding how we process your personal data, we will acknowledge and
investigate it in accordance with applicable law and keep you informed of the outcome.
You may also lodge a complaint with the UK Information Commissioner’s Office (ICO):
https://ico.org.uk
July 2026